The beauty of Armitage is that it lets you scan targets, automatically recommends appropriate exploits, and makes executing those attacks exceptionally easy, all via a nice GUI.
The application is aimed at security professionals who understand hacking and know what they want to accomplish with Metasploit, but may not be familiar enough with Metasploit itself to carry out the required actions. This is a brief introduction to Armitage's power...
I started with a Backtrack 4 R2 iso installed into a VirtualBox VM, connected to my LAN via a Bridged Adapter. Installing Backtrack into a VM is very easy, and instructions can be found on Google if required.
Prior to running Armitage it's important to update Metasploit to the latest release of the framework. This is accomplished from a terminal window by running the following command:
msfupdate
Once complete, as per the Armitage tutorial, open a terminal window and run the following commands:
cd /pentest/exploits/framework3
./msfrpcd -f -U msf -P test -t Basic
This will start the Metasploit RPC daemon accepting local and remote connections. Then we need to start MySQL with the following command:
/etc/init.d/mysql start
Once complete we need to download the latest Armitage release onto our VM. At the time of writing this can be found at:
http://www.fastandeasyhacking.com/download/armitage011811.tgz
Extract the contents of the tar into a relevant folder within the VM and then start Armitage using ./armitage.sh
Make sure that 'Use SSL' is ticked and that the username and password match the earlier msfrpcd command! Presuming all is well, click Connect and Armitage will load.
Now the fun starts! Before we go on I should mention I've another VM loaded on a Bridged Adapter, which is a purposefully out-of-date Windows XP machine... To scan the network for machines, click Hosts -> Nmap Scan -> . Once the nmap scan is complete, the discovered hosts should be displayed.
Then click Attacks -> Find Attacks -> By Port
Step 5: Right-click on the target machine
In this example, Armitage has highlighted MS08_067 as an applicable vulnerability, and from there the relevant options can be configured.
Step 6: Those with a keen eye will have noticed that not only do I now have the options of a Meterpreter session, but the icon for the victim machine has also changed.
Obviously from here I could show the processes, dump the hashes, browse files, get a webcam screenshot, etc.
Metasploit has always been a great tool; I believe Armitage now places the power of Metasploit in the hands of those who aren't terminal or command line savvy.
For more information see:
Cross-posted from Yeleek